- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Spanning tree and loop prevention options
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2008 06:55 AM - last edited on тАО04-19-2015 11:50 PM by Maiko-I
тАО08-26-2008 06:55 AM - last edited on тАО04-19-2015 11:50 PM by Maiko-I
I have multiple 4200vl access switches and a 5300xl at the core and I'm running MSTP. I'd like to allow smaller switches to connect to the access ports if necessary but not participate in any form of STP.
Scenario 1:
Should I enable bpdu-filter with loop-protect on the access ports?
Scenario 2:
If I reconfigure access ports with "admin-edge-port" and setup bpdu-protection on those ports, would/could this prevent a managed switch running STP (or MSTP?) from working on an access port- even if there's no loop?
Does "admin-edge-port" work in conjunction with "bpdu-protection"?
P.S. this thread ahs been moevd from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve / ProVision-Based. - Hp Forum moderator
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2008 07:05 AM
тАО08-26-2008 07:05 AM
SolutionAdmin-edge-port just puts the port into forwarding immediately without going through the blocking stage of STP.
BPDU-protection will disable the port as soon as it receives a BPDU, so you probably don't want to use that.
One thing I've noticed with loop-protect is that you may want to set the interval down to 1 second to get the best results. If a loop is created on an external switch, and THEN it is plugged into a loop-protect port, with the default 5 second interval loop-protect might have a very difficult time in disabling that port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2008 07:15 AM
тАО08-26-2008 07:15 AM
Re: Spanning tree and loop prevention options
Is there anything else you'd recommend?
It looks like I could also use "root-guard", but "loop-protect" looks like it might be simpler.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-27-2008 06:39 AM
тАО08-27-2008 06:39 AM
Re: Spanning tree and loop prevention options
If you don't expect more than X amount of mac-addresses on a port, you could also set port-security to learn limited-continuous. It's an idea I've been toying with to hopefully overcome the loop-protect interval issue I mentioned in the last post. e.g. if more than 32 mac-addresses were detected on a port where you couldn't envision a reason for it (possibly a loop), disable the port.
I haven't properly thought that idea through though, still a work in progress.
For now I think admin-edge-port, bpdu-filter and loop-protect interval 1 is the safest bet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-27-2008 07:43 AM
тАО08-27-2008 07:43 AM
Re: Spanning tree and loop prevention options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-21-2009 12:32 AM
тАО10-21-2009 12:32 AM
Re: Spanning tree and loop prevention options
I tested Loop-Protect on a 2610, and I've noticed something :
The loop-protection functionnality works fine when Spanning-Tree is disabled, but when I enable it, the Loop-Protection didn't work.
The port stays in a Forwarding State. Even if I plug a another device with a loop on it.
I put the following parameters :
spanning-tree
loop-protect 1-12
loop-protect transmit-interval 1 disable-timer 10
Is it normal or is there something special to do ?
My firmware version is a R.11.25.
Thanks for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-15-2011 10:01 AM
тАО08-15-2011 10:01 AM
Re: Spanning tree and loop prevention options
although this is an old post the information is still relevant.
I have also found that the above configuration of alegall will not disable the port but will only put the port into a "blocking" state when using STP and loop-rotect at the same time.
The only settings that appeared to work for me we as follows:
HP Procurve 2810
loop-protect 1-44
loop-protect transmit-interval 2 disable-timer 5
spanning-tree
spanning-tree 1-44 admin-edge-port
spanning-tree 1-44 bpdu-filter
no spanning-tree 1-44 auto-edge-port
This config works to disable the ports that have loops detected on them as if they were end user devices etc... and the uplink ports 45-48 are still enabled in the STP protocol.
I hope this helps others as i have spent hours reading these forums for this answer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2015 03:08 PM
тАО04-16-2015 03:08 PM
Re: Spanning tree and loop prevention options
One of the main purposes of Loop Proteccion protocol is to prevent loops on edge ports conected to unmanaged SWs that don't transmit BPDU packets - these SWs drop BPDU packets. If we have Loop Proteccion and Spanning T activated at the same time on not uplinks ports and we plug a manged SW that handle BPDUs in one of these ports, Spanning tree will take precedende (According to my experience), but in theory I think it will depend on how we play with BPDU/Loop-Proteccion packets retransmision time. In both scenarios we will get as result a port Blocked or turned off which will resolve our issue.
- consider that having "loop-protec disable-timer 0" ( Default ) will force us to enable the trouble port manually, but with Spanning T, it will depend on reconvergence.